1// Copyright (C) 2017. See AUTHORS.
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//   http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15package openssl
16
17import (
18	"math/big"
19	"testing"
20	"time"
21)
22
23func TestCertGenerate(t *testing.T) {
24	key, err := GenerateRSAKey(2048)
25	if err != nil {
26		t.Fatal(err)
27	}
28	info := &CertificateInfo{
29		Serial:       big.NewInt(int64(1)),
30		Issued:       0,
31		Expires:      24 * time.Hour,
32		Country:      "US",
33		Organization: "Test",
34		CommonName:   "localhost",
35	}
36	cert, err := NewCertificate(info, key)
37	if err != nil {
38		t.Fatal(err)
39	}
40	if err := cert.Sign(key, EVP_SHA256); err != nil {
41		t.Fatal(err)
42	}
43}
44
45func TestCAGenerate(t *testing.T) {
46	cakey, err := GenerateRSAKey(2048)
47	if err != nil {
48		t.Fatal(err)
49	}
50	info := &CertificateInfo{
51		Serial:       big.NewInt(int64(1)),
52		Issued:       0,
53		Expires:      24 * time.Hour,
54		Country:      "US",
55		Organization: "Test CA",
56		CommonName:   "CA",
57	}
58	ca, err := NewCertificate(info, cakey)
59	if err != nil {
60		t.Fatal(err)
61	}
62	if err := ca.AddExtensions(map[NID]string{
63		NID_basic_constraints:      "critical,CA:TRUE",
64		NID_key_usage:              "critical,keyCertSign,cRLSign",
65		NID_subject_key_identifier: "hash",
66		NID_netscape_cert_type:     "sslCA",
67	}); err != nil {
68		t.Fatal(err)
69	}
70	if err := ca.Sign(cakey, EVP_SHA256); err != nil {
71		t.Fatal(err)
72	}
73	key, err := GenerateRSAKey(2048)
74	if err != nil {
75		t.Fatal(err)
76	}
77	info = &CertificateInfo{
78		Serial:       big.NewInt(int64(1)),
79		Issued:       0,
80		Expires:      24 * time.Hour,
81		Country:      "US",
82		Organization: "Test",
83		CommonName:   "localhost",
84	}
85	cert, err := NewCertificate(info, key)
86	if err != nil {
87		t.Fatal(err)
88	}
89	if err := cert.AddExtensions(map[NID]string{
90		NID_basic_constraints: "critical,CA:FALSE",
91		NID_key_usage:         "keyEncipherment",
92		NID_ext_key_usage:     "serverAuth",
93	}); err != nil {
94		t.Fatal(err)
95	}
96	if err := cert.SetIssuer(ca); err != nil {
97		t.Fatal(err)
98	}
99	if err := cert.Sign(cakey, EVP_SHA256); err != nil {
100		t.Fatal(err)
101	}
102}
103
104func TestCertGetNameEntry(t *testing.T) {
105	key, err := GenerateRSAKey(2048)
106	if err != nil {
107		t.Fatal(err)
108	}
109	info := &CertificateInfo{
110		Serial:       big.NewInt(int64(1)),
111		Issued:       0,
112		Expires:      24 * time.Hour,
113		Country:      "US",
114		Organization: "Test",
115		CommonName:   "localhost",
116	}
117	cert, err := NewCertificate(info, key)
118	if err != nil {
119		t.Fatal(err)
120	}
121	name, err := cert.GetSubjectName()
122	if err != nil {
123		t.Fatal(err)
124	}
125	entry, ok := name.GetEntry(NID_commonName)
126	if !ok {
127		t.Fatal("no common name")
128	}
129	if entry != "localhost" {
130		t.Fatalf("expected localhost; got %q", entry)
131	}
132	entry, ok = name.GetEntry(NID_localityName)
133	if ok {
134		t.Fatal("did not expect a locality name")
135	}
136	if entry != "" {
137		t.Fatalf("entry should be empty; got %q", entry)
138	}
139}
140